Vulnerabilities > CVE-2023-4101 - Authorization Bypass Through User-Controlled Key vulnerability in Qsige 3.0.0.0

047910
CVSS 6.5 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
LOW
Confidentiality impact
NONE
Integrity impact
HIGH
Availability impact
NONE
network
low complexity
qsige
CWE-639

Summary

The QSige login SSO does not have an access control mechanism to verify whether the user requesting a resource has sufficient permissions to do so. As a prerequisite, it is necessary to log into the application.

Vulnerable Configurations

Part Description Count
Application
Qsige
1